Executive Briefing November 10, 2017

HILL UPDATE

Reuters and several outlets reported that the House Judiciary Committee voted 27-8 to pass the USA Liberty Act. The Section 702 reauthorization bill would impose new privacy and transparency provisions, including certain warrant requirements for the FBI, and authorize the bill through 2023.

ARTICLE SUMMARY

We entered the age of surveillance capitalism blindly over the last decade, without understanding what we were doing to ourselves, and almost without the conceptual tools to understand it either. Now we have woken up to the situation where a handful of giant companies have grown unfathomably rich by processing and then selling on our personal data. We are increasingly conscious of all the ways in which the big data companies know more about us than we know ourselves, and certainly more than we would willingly expose to anyone. Social networks have come to be seen as a way to turn personal information into money, but the data is yours and the money is some squillionaire’s in Silicon Valley. The data protection bill, which is back in the Lords now, is an attempt to redress this imbalance, or at least to give teeth to the idea that we own our own data. It originates in the EU’s general data protection regulation, which will become law in 2018. We are going to have to adopt the data protection regime of our neighbours if we want to do business with them – 75% of the UK’s data transfers are with EU member states.

Whether it’s to “bring the world closer together” or improve its public image, Facebook today announced Community Boost. Facebook tells me it’s investing tens of millions of dollars into the program that will travel to 30 cities around the U.S. in 2018. It will teach digital job skills to the unemployed, internet literacy to those just getting online, startup methodology to entrepreneurs and customer growth to small business owners. Unsurprisingly, though, all these skills revolve around Facebook, which Facebook clearly thinks is the key to a better life. Stops on the tour include Houston, St. Louis, Albuquerque, Des Moines and Greenville, South Carolina — which are conspicuously all red states that voted for Trump in the 2016 election. Perhaps Facebook hopes to reduce unemployment that led to the dissatisfaction with current political systems which landed us Trump.

New York Law Journal published a piece by Philip M. Berkowitz, co-chair of Littler Mendelson P.C.’s U.S. international employment law and financial services practices, examining how Microsoft’s warrant case impacts cross-border data discovery. Berkowitz explains that neither cross-border discovery nor the conflict of more limiting foreign laws are new challenges, and that the case reflects both a conflict of laws and a clash of cultures.

Google is urging U.S. election regulators to consider more explicit rules around online political advertisements, perhaps including the extent to which election ads about some issues, not just candidates, should be banned if they’re purchased by a foreign entity. The comments — filed with the Federal Election Commission on Thursday — also appear to call for greater clarity as to how the search giant and its tech peers should handle the likes of RT, the Russia-backed news organization that has been blasted by the U.S. government for spreading propaganda online.

The line between security and privacy is difficult to draw. However, it must be drawn and regularly redrawn as circumstances and the world change. At the same time, overdrawing the line, or drawing it in a vacuum, can cause the delicate balance to tip in a way that undermines both privacy and security. Congress and the Supreme Court face similar, momentous questions this fall, namely whether Americans, by speaking or even just carrying their phones, give up some measure of their personal privacy for the sake of common security. Concurrently, Europe is getting ready to implement a sweeping new data protection regulation, one that will impact the balance between privacy and security in the United States and may set up a conflict of laws that ensnares U.S. companies and authorities alike.

Des Moines Register Amid growing threats, Iowa lawmakers push for better state and local cybersecurity
The two legislators’ visit to Microsoft headquarters follows two recent serious breaches of cybersecurity in Iowa: The theft of hundreds of thousands of dollars from 103 retirees’ accounts with the Iowa Public Employees’ Retirement System and a cyberattack involving the Johnston school district that was identified after several parents received anonymous text messages that threatened violence to schools and students.

The Texas church massacre is providing a familiar frustration for law enforcement: FBI agents are unable to unlock the gunman’s encrypted cellphone to learn what evidence it might hold. But while heart-wrenching details of the rampage that left 26 people dead might revive the debate over the balance of digital privacy rights and national security, it’s not likely to prompt change anytime soon. Congress has not shown a strong appetite for legislation that would force technology companies to help the government break into encrypted phones and computers. And the fiery public debate surrounding the FBI’s legal fight with Apple has largely faded since federal authorities announced they were able to access a locked phone in a terror case without the help of the technology giant.

HONG KONG — China does not allow its people to gain access to Facebook, a powerful tool for disseminating information and influencing opinion. As if to demonstrate the platform’s effectiveness, outside its borders China uses it to spread state-produced propaganda around the world, including the United States. So much do China’s government and companies value Facebook that the country is Facebook’s biggest advertising market in Asia, even as it is the only major country in the region that blocks the social network.

Facebook appeared before the Senate Intelligence Committee last week, revealing that 126 million people saw Russia-created Facebook content during the 2016 election. It’s a blow to CEO Mark Zuckerberg’s initial dismissal of the idea that the spread of fake news on Facebook could have any impact on a U.S. election. Now, under intense scrutiny from lawmakers, Facebook is singing a different tune — promising to hire more people to monitor content and advertising. But this wasn’t the first time Zuckerberg has brushed off critics and then had to backtrack. Inside sources told VICE News it’s part of a decade-long pattern of product roll-outs, embarrassing exposures, and denials that put profit first and Facebook’s two billion users last.

ZDNet NATO just added cyber weapons to its armoury
The NATO Secretary General wouldn’t say where cyber weapons were likely to be used next but said: “We are now integrating cyber effects into NATO missions and operations to respond to a changed and new security environment where cyber is part of the threat picture we have to respond to.” It will be up to member states to decide what kinds of cyberwar capabilities they are willing share with NATO.

Just Security published a piece by Ali Cooper-Ponte, Yale University law student, urging Congress to update ECPA with new guidelines governing the use of secrecy orders attached to requests for customer data. The piece examines the new guidance issued by the DOJ in response to Microsoft’s lawsuit challenging gag orders, but explains that further legislative action is needed because state and local authorities are not bound to the new guidance. In particular, the piece notes the disparity between standards for gag orders at the federal and state and municipal levels, and the lack of concrete info on how many secrecy order requests major tech companies receive from state and local authorities.

Law.com published a piece by Justin Guido, associate at Rumberger Kirk & Caldwell PA, examining Microsoft’s and Google’s challenges of SCA warrants for data stored abroad and the conflicting rulings on the subject from the Second Circuit and a judge in the Eastern District Court. Guido highlights that rulings by both courts only addressed the use of SCA warrants for overseas electronic data but failed to address the extraterritorial reach of an SCA subpoena.

The “gig economy” is hardly new, but there’s still a yawning gap between the attention it receives and our understanding of how it is—or isn’t—altering the nature of work in America. It may be a Bay Area joke that everyone is either working in the valley or for Task Rabbit, and Uber may be the world’s most valuable startup, but there may be dozens of Apple executives who are personally worth more than Ikea paid to acquire TaskRabbit. The gig economy may be disruptive, but it is still in its infancy. We know startlingly little about the interplay between online-facilitated gigs (Uber, TaskRabbit, GrubHub, Airbnb hosting) and traditional employment. That’s because we analyze employment in the US using 20th century definitions, and data that government agencies struggle to understand on limited budgets. The result is that we know something has changed, but we don’t know how or how much.

THINK TANK/TECH TRADE ASSOCIATION HIGHLIGHTS

American Enterprise Institute (AEI)

Op-ed on regulating tech companies: “Using content regulation to limit the ability of tech giants to shape public debates is a double-edged sword. Tools that may appear as a good idea when ‘our’ people are in charge quickly become less appealing when the other side controls levers of power,” research fellow Dalibor Rohac wrote. He added, “If they can invest in editorial judgment and quality control, crack down on bots and increase the transparency of their advertising schemes, the political case for new rules will become much weaker.” (U.S. NEWS & WORLD REPORT – Tech companies must regain trust, By Dalibor Rohac, November 8, 2017)

Aspen Institute

Blog post on workforce development: Executive directorAlastair Fitzpayne wrote that Congress “should examine policies that increase workforce training investments…Employers play an important role in preparing workers for long-term career success. While the nature of work continues to evolve, we need to ensure that workers have access to training – helping them to acquire the skills needed to succeed in the jobs of the future.” (ASPEN BLOG – Investing in the workforce of the future, By Alastair Fitzpayne, November 8, 2017)

Brookings Institute

Blog post on artificial intelligence and jobs: Fellow Makada Henry-Nickie wrote that “the proliferation of AI technology seems more likely to disrupt an unexpected population: skilled knowledge workers whose jobs involve data-driven decision-making.” She also noted that “unfortunate fear mongering blurs an important reality: machines create fascinating outputs that require less human energy to produce, and they do so at relatively lower costs.” (BROOKINGS BLOG – AI should worry skilled knowledge workers too, By Makada Henry-Nickie, November 8, 2017)

Multiple blog posts on broadband:

Fellow Adie Tomer wrote, “While Congress considers policies related to expanding broadband availability, there is little to no legislative activity related to broadband adoption.” He added, “Getting broadband to be as ubiquitous as electricity and water service will require tough conversations about the federal role around digital skills training, pricing support, and how to pay for it. But doing nothing likely means new barriers to opportunity, especially for our youth who have no choice as to whether they live in a home with a broadband subscription.” (BROOKINGS BLOG – Broadband gaps impact every member of Congress, By Adie Tomer, November 7, 2017)

Fellow Nicol Turner-Lee argued, “Without access to high-speed broadband, rural residents are severely limited when it comes to economic development, civic engagement, and the other social benefits related to broadband availability and its adoption.” She added, “In the case of broadband deployment, these conversations should anticipate how to fund the access needs of rural America as part of a plan to return prosperity back to American communities.” (BROOKINGS BLOG – How tax reform can support rural broadband, By Nicol Turner-Lee, November 6, 2017)

BSA | The Software Alliance

Statement on USA Liberty Act: BSA has “long urged Congress to ensure that Section 702 of the Foreign Intelligence Surveillance Act strikes a careful balance between pressing national security requirements and individual privacy protections.” The group applauded “the committee for its thoughtful approach to this issue, and looks forward to working with the Committee and other Members of Congress as their work to reauthorize Section 702 continues.” (BSA BLOG – BSA | The Software Alliance Welcomes the USA Liberty Act, November 7, 2017)

Competitive Enterprise Institute

Blog post on internet regulations: Adjunct fellow Jessica Melugin wrote, “CEI agrees and my colleague Wayne Crews has written extensively on the lack of natural monopolies, but the very real (and harmful) politically created monopolies in other network industries.” She asked, “If government is the creator of monopolies and regulation the suppressor of innovation, why not push back against FCC and FTC regulation of the Internet?” (CEI BLOG – Politicians and Entrepreneurs: Let Internet Flourish without Burden of Government Regulation, By Jessica Melugin, November 6, 2017)

Information Technology Industry Council (ITI)

Statement on technology modernization: Senior vice president Trey Hodgkins stated, “Today is an important day for taxpayers across the country because the MGT Act will streamline and modernize how we fund our IT.” He added, “Agencies will now be able to use efficiencies to fund investments in innovative, up-to-date technologies that will protect Americans’ sensitive information, bolster our nation’s cybersecurity, and bring the federal government into the 21st century.” (ITI STATEMENT – ITAPS Commends Advancement of Critical Information Technology Modernization Legislation, November 9, 2017)

Information Technology & Innovation Foundation (ITIF)

Report on third party data access: Vice president Daniel Castro and Google policy fellow Michael Steinberg wrote, “APIs are routinely used within organizations, but open APIs allow third-party access to information as well. Providing third parties with access to this information serves consumers by increasing market transparency and by allowing them to make more informed choices.” (ITIF REPORT – Blocked: Why Some Companies Restrict Data Access to Reduce Competition and How Open APIs Can Help, By Daniel Castro and Michael Steinberg, November 6, 2017)

Internet Association

Blog post on digital trade: The Internet Association wrote, “Barriers to digital trade…continue to threaten American leadership on digital trade and the enormous potential of the digital economy.” The group urged the “USTR to prioritize digital trade in NAFTA modernization talks by seeking strong commitments on data flows and restrictions on server localization; intermediary liability protections; customs modernization; and balanced copyright – including copyright safe harbors and limitations and exceptions for the digital environment – that reflect U.S. law.” (INTERNET ASSOCIAITON BLOG – Barriers to digital trade threaten U.S. internet’s success abroad, November 7, 2017)

New America

Multiple statements on USA Liberty Act reforms:

Policy counsel and government affairs lead Robyn Greene stated, “This bill includes a number of important reforms, but it only partially addresses one issue we’ve been talking about for years: closing the backdoor search loophole. In today’s markup, the committee should beef up its warrant requirement so that it applies to all agencies and all searches through Section 702 data. The committee should pass the Poe-Lofgren amendment, which would ensure that there are no exceptions that could swallow the rule.”(NEW AMERICA STATEMENT – OTI Urges House Judiciary Committee to Strengthen USA Liberty Act’s Reforms in Markup, November 8, 2017)

NOTABLE QUOTES

“These days, most documents exist in a “cloud” that is accessible anywhere on earth. The mere fact that documents may be located overseas, in electronic format or otherwise, should not necessarily compel consideration of the underlying statute’s extraterritorial effect. It would seem all too easy to thwart enforcement of the subpoena or warrant by simply transferring the location of documents overseas. After all, only a small percentage of statutes have extraterritorial effect. .”

“I think there’s going to have to be a lot more work that’s done to make sure that we don’t have the illegal search and seizure of Americans that happens on a regular basis. If it does get out of committee, I don’t think there’s enough support on the House floor for it to pass.”

“Despite this change in DOJ policy, Congress should still act to codify this guidance into the Electronic Communications Privacy Act (ECPA). This is because not all legal process tech companies receive comes from the Justice Department. Often overlooked is the fact that tech companies also receive legal process and their attendant gag orders from state and local authorities not bound by the new DOJ guidance, though some may adopt the new guidance in order to comport with these “best practices.”… ECPA therefore needs to be updated to restrict the use of gag orders outside of the Justice Department.”

“Losing our privacy is the gateway to losing everything that keeps us free – the right to protest, to a fair trial, to practise our religion, to think and speak freely. No country that deploys industrial-scale state surveillance has ever remained a rights-respecting democracy. We now look to the court to uphold our rights where our government has failed to do so.”

“We wait for a mass disaster to sharpen the discussion about this, when we should have been talking about it since San Bernardino. Reasonable people of good will could resolve this problem. I don’t think it’s dependent on the political wins or who is the FBI director. It’s begging for a solution.”

“Although the USA Liberty Act makes some necessary reforms, as currently drafted, we believe the bill does not adequately protect the constitutional rights of Americans. We will offer an amendment that provides the level of constitutional protections that the American people deserve, while affording intelligence agencies the authority necessary to target foreign terrorists, criminals and other overseas intelligence targets.”

“There is no principled basis for lowering the standard of protection in foreign intelligence cases and allowing the government to access through the backdoor what it could not obtain through the front. Americans’ reasonable expectation of privacy in their phone calls and emails does not depend on the government’s reason for wanting to eavesdrop. Nor does the presumption that Americans are innocent until proven guilty apply with less force when the government suspects foreign ties.”

“Our organisations exist to stand up for people and challenge abuse of power. We work with whistleblowers, victims, lawyers, journalists and campaigners around the world, so confidentiality and protection of our sources is vital… The UK government’s vast, cross-border mass surveillance regime – which lets it access millions of people’s communications every day – has made those protections meaningless.”

“These practices are unlawful and violate the fundamental rights of individuals across the world, assailing privacy and chilling thought and speech. They are incompatible with open and democratic societies.”

“Regardless, the decisions illustrate the challenging questions raised by the un-territorial nature of electronic data and how it comports with data privacy rights and sovereignty on the international stage. The U.S. government has appealed the Second Circuit’s decision to the U.S. Supreme Court. Perhaps the Supremes will shed some light.